Wireshark-dev: Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector



From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Wed, 25 Oct 2006 18:00:00 +0800


> We do suffer in wireshark from port collisions due to the number of
> protocols we support.
> So a port number is not really enough for us to identify a protocol.
> Can you make dissect_acn() do some heuristics and return FALSE if it
> didn't really look like ACN in the first place?
> This would reduce the probability for false ACN dissection for those
> users that have set an ACN port and forgotten about it.
> I.e. make dissect_acn() a new style dissector that can refuse the
> packet by returning FALSE and return TRUE meaning: yes this was one
> of mine and I did dissect it.

I did this once a while ago and found figuring out how to actually make a dissector into a "new style" dissector wasn't all that easy, mainly because I couldn't find which (of the hundreds) of dissectors did it already so I didn't know where to look for an example and the README.developer didn't contain any info about it.

So, for your reference, grep for "new_create_dissector_handle" to find such a dissector and copy from there.

One day if I have more than a few seconds of spare time I'll submit a patch against README.developer, but no luck so far...
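
Added example, not part of the original message and not Wireshark's own code: a stand-alone C sketch of the "refuse the packet" heuristic discussed in this thread, written against a plain byte buffer instead of the Wireshark tvbuff API. The names `looks_like_acn`, `dissect_acn_sketch` and the sample buffers are hypothetical, and the preamble layout (preamble size 0x0010, postamble size 0x0000, 12-byte "ASC-E1.17" identifier) is assumed from the published E1.17 root layer over UDP, not taken from this thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (published E1.17 root layer over UDP, not taken from this
 * thread): 2-byte preamble size 0x0010, 2-byte postamble size 0x0000, then a
 * 12-byte packet identifier "ASC-E1.17" padded with NULs. */
#define ACN_PREAMBLE_LEN 16
static const uint8_t ACN_PACKET_ID[12] = "ASC-E1.17";

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Heuristic: true only if the payload starts with a full ACN preamble. */
bool looks_like_acn(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < ACN_PREAMBLE_LEN)   /* length check before any read */
        return false;
    if (be16(buf) != 0x0010 || be16(buf + 2) != 0x0000)
        return false;
    return memcmp(buf + 4, ACN_PACKET_ID, sizeof ACN_PACKET_ID) == 0;
}

/* Hypothetical stand-in for dissect_acn(): false = "not mine", so the caller
 * can offer the packet to another dissector; true = dissected as ACN. */
bool dissect_acn_sketch(const uint8_t *buf, size_t len, size_t *pdu_len)
{
    if (!looks_like_acn(buf, len))
        return false;                            /* *pdu_len left untouched */
    *pdu_len = len - ACN_PREAMBLE_LEN;           /* bytes left for the PDU block */
    return true;
}

/* Constructed samples: an ACN preamble plus 2 bytes, and an unrelated payload
 * that happens to arrive on the same configured port. */
const uint8_t SAMPLE_ACN[] = { 0x00,0x10, 0x00,0x00, 'A','S','C','-','E','1','.','1','7',
                               0,0,0, 0x70,0x00 };
const uint8_t SAMPLE_OTHER[] = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n";

int main(void)
{
    size_t n = 0;
    printf("acn sample:   %d\n", dissect_acn_sketch(SAMPLE_ACN, sizeof SAMPLE_ACN, &n));
    printf("other sample: %d\n", dissect_acn_sketch(SAMPLE_OTHER, sizeof SAMPLE_OTHER, &n));
    return 0;
}
```

The length check runs before any byte is read, so a truncated packet is refused rather than parsed past its end.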

